Granular RBAC for metrics #3312
Labels
Comments
|
@grampelberg @admc could you please assign this to me? Thanks :) |
|
Note: it is probably worth using smi-metrics where it can be used and expanding the spec where it isn't usable instead of creating a new one-off APIService. |
|
Hi ! I’m exactly in this use-case, do you currently work on it ? Thanks |
|
@PierrePIRONIN I believe that @alenkacz is currently looking into it. You can use smi-metrics as is to do something similar though. |
grampelberg
added
stage/proposal
stage/plan
and removed
area/cli
area/controller
area/security
area/telemetry
priority/P0
|
Historical What problem are you trying to solve?Many organizations have teams sharing the same cluster which should not see each other's data (multi-tenant). This was addressed for tap as part of #2725. Now that it is possible to have granular, Kubernetes based RBAC policies for tap, statistics should provide a similar benefit. How should the problem be solved?
Out of scope
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Introduce view isolation for metrics, defined by Kubernetes RBAC, to provide multi-tenancy to security conscious organizations. We previously have done this using an APIService for tap functionality.
The smi-metrics project already implements Linkerd metrics as an APIService. This has the added value of dogfooding smi-metrics and providing common tooling for other integrations in the future.
Details
The text was updated successfully, but these errors were encountered: